Information society service providers are not obliged to monitor users' activity in order to identify and prevent copyright infringement because such a requirement would lead to the invasion of users' privacy, an Italian court has ruled. RTI, an Italian media group, had asked the Court of Rome to issue an injunction to force Google to prevent copyright infringement via its blogging platform, Blogger.com. RTI had claimed Google was liable for infringement because football matches it owned the rights to were being streamed from a web portal hosted by the Blogger.com site according to a summary of the ruling on the 1709 copyright blog.

However, the Court said Google was not liable for the activity because it had acted to remove the allegedly infringing material when notified. It added that issuing an injunction "aimed at preventing all future infringements would be tantamount to imposing an obligation of general surveillance of all the communications passing through a provider's network".

"Such an obligation cannot be imposed upon a service provider, in that this would be contrary to EU law. This would also be in contrast with the freedom of the service provider to conduct its business, since such surveillance would require that the provider install a complicated, costly computer system," the Court had ruled, according to the 1709 blog summary.

In a blog post Google said the Italian court's ruling was "important because it further clarifies the rules on liability online". The internet giant urged rights holders to inform it when copyrighted content had been uploaded to its "platforms" without permission.

The EU's Copyright Directive says copyright owners can obtain a court order against intermediaries whose services are used for piracy. But the E-Commerce Directive says that service providers are generally not responsible for the activity of customers and that member states must not put service providers under any obligation to police illegal activity on its service. Service providers are not liable for infringement via their services if they do not have "actual knowledge" of the illegal activity or having obtained such knowledge "acts expeditiously to remove or to disable access to the information".

EU data protection laws rules outlining the legitimacy of personal data processing require all such processing to be done "fairly and lawfully" and state that personal data must only be collected for "specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes". The laws also state that, in general, information can only be processed if a person has given their unambiguous consent and if that consent is explicitly given.

Separate EU laws set out in the EU's Privacy and Electronic Communications Directive also state that storing and accessing information on users' computers is generally only lawful "on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information … about the purposes of the processing".

Under the EU Charter of Fundamental Rights individuals generally have a right to privacy and protection of personal data. The Charter also confers rights on free speech, the freedom to conduct business and states that intellectual property (IP) "shall be protected".

Last month the European Court of Justice (ECJ) ruled that although that the protection of IP is a fundamental right under EU law, it is not "absolutely protected" and has to be balanced against other fundamental rights. It ruled that a Belgian court had not struck a "fair balance" between the rights of a music royalties collecting society and those of an internet service provider (ISP) and its users when ordering the ISP to filter online traffic in search of copyright infringement.